IETF Logo Mail Archive

Re: Client as Server: auth use case

Cory Benfield <cory@lukasa.co.uk> Wed, 27 January 2021 10:07 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA6463A0C9F for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 27 Jan 2021 02:07:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.671
X-Spam-Level:
X-Spam-Status: No, score=-2.671 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lukasa-co-uk.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CQ0UusHzzMqh for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 27 Jan 2021 02:07:00 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FDD53A0C9D for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 27 Jan 2021 02:07:00 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1l4hgm-0001wy-BY for ietf-http-wg-dist@listhub.w3.org; Wed, 27 Jan 2021 10:04:40 +0000
Resent-Date: Wed, 27 Jan 2021 10:04:40 +0000
Resent-Message-Id: <E1l4hgm-0001wy-BY@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <cory@lukasa.co.uk>) id 1l4hgk-0001wC-3H for ietf-http-wg@listhub.w3.org; Wed, 27 Jan 2021 10:04:39 +0000
Received: from mail-lj1-x22d.google.com ([2a00:1450:4864:20::22d]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <cory@lukasa.co.uk>) id 1l4hgh-00085w-SL for ietf-http-wg@w3.org; Wed, 27 Jan 2021 10:04:37 +0000
Received: by mail-lj1-x22d.google.com with SMTP id r14so1395487ljc.2 for <ietf-http-wg@w3.org>; Wed, 27 Jan 2021 02:04:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lukasa-co-uk.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=kt9abwYbN8WXj55nyA7ks44m59Idp1620oQyPlY/q0Q=; b=bLb3ijjRzR2dTW+KufygZrnpo0dYJS8Kg1uLn28LxnrUYxoOxfxN/P1ljTt1FH9QYv vacabnv4Drv0RZcKx6F3/WgQbAa6dcPQzt12l0S7aBbeerXqGwKCC7em+LlEdKlVppNT QKVX80B8xiMTYWpV+qXzGVl/Aq0UJumLl6WPAOdIrbu3pdFKIEkJszzmBbovv0RUDdUQ IHHTN/tNKWCX0D2ELbT2TEVTmjurvUHRYQD8C+f5PUy3Cvn7jCCwr1IsUU0lYtUb01Ab Sv9o8ykE202HpymD1U943Qx51WChpv6bpZTkpck9WVytLsd/ZW0ftgAzftGw+i1yylCt 7gkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=kt9abwYbN8WXj55nyA7ks44m59Idp1620oQyPlY/q0Q=; b=l5XSReBYuYS46lLlNzsw7MQdeDoztYcU9dzvPY7pi7nSbIbolKxPCt3ACewwbBySa6 /fmQf87XE+F3GfSkdRkV92VhWwZBT86Katm6J6NgPtCTEHLnYkhhp2RQdCHWCVrecqMH HHM8Q1oo5hK4PHckpMjBUGt4seX/If6fcx7h/zNsWmgN30To0TEqsz1GYnD6UH0mnvaX gqXM7zuhIV0F5mslmnhznV0H5fZVfiT1Wh6+PItiBgHyiSpSLz+eiZv2WQLaybq0WpPy 9u7a/rjurpGL48phgfUuqW9secyICIiFMWFJlDpRyZnpF4JHW8LCqD/13nl29b26CE1z RtFA==
X-Gm-Message-State: AOAM5335BvH9KUlC2Fk4AtoqndsG9Atm3uEKxZ1WIZy49W4wrtpx0w78 F/WqqsocOsRiVZy1F6cu91f3+lNWkS+lei44kVG1tPcKO4ynpQ==
X-Google-Smtp-Source: ABdhPJyG2TTDRQav2jKkMdJfOsB+vn4GooSeeOFhbsP0YU7w9ykojW5bwXuB1Z7GyFo6iB7gliSj4V2lGOE50uyxYFc=
X-Received: by 2002:a2e:9252:: with SMTP id v18mr5354571ljg.352.1611741863985; Wed, 27 Jan 2021 02:04:23 -0800 (PST)
MIME-Version: 1.0
References: <59C947BD-9BB7-4C4A-A175-1625F640EBCA@bblfish.net>
In-Reply-To: <59C947BD-9BB7-4C4A-A175-1625F640EBCA@bblfish.net>
From: Cory Benfield <cory@lukasa.co.uk>
Date: Wed, 27 Jan 2021 10:04:13 +0000
Message-ID: <CAH_hAJH14SLkJ9K-fMt3ke24OELciUtA9dxMqN1KfgqHHpPBgw@mail.gmail.com>
To: Henry Story <henry.story@bblfish.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=2a00:1450:4864:20::22d; envelope-from=cory@lukasa.co.uk; helo=mail-lj1-x22d.google.com
X-W3C-Hub-DKIM-Status: validation passed: (address=cory@lukasa.co.uk domain=lukasa-co-uk.20150623.gappssmtp.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1l4hgh-00085w-SL 9e261def263159cfac58183a237b585d
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Client as Server: auth use case
Archived-At: <https://www.w3.org/mid/CAH_hAJH14SLkJ9K-fMt3ke24OELciUtA9dxMqN1KfgqHHpPBgw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38406
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

This is an idea that comes up a lot. In fact, it has come up so much
that I wrote a draft that would attempt to encode this idea in HTTP/2
back in 2015. https://tools.ietf.org/html/draft-benfield-http2-p2p-02

The issue I bumped into then is the same one that faces you now.
Specifying this behaviour is not terribly hard: demonstrating that
it's sufficiently useful to implement is. It is likely to be
substantially more useful to attempt to actually deploy such an
extension in a controlled environment and demonstrate its utility in
that space, then return with a specification.

Cory

On Tue, 26 Jan 2021 at 14:23, Henry Story <henry.story@bblfish.net> wrote:
>
> Hi,
>
>    I was wondering if the newer versions of HTTP (perhaps Quic)
> can allow the server to make a request back to the client as
> an HTTP request. This could be useful for exchanging keys or
> certificates in a RESTful way.
>
> As an example take the "Signing HTTP Messages” spec, which has a
> keyId field. The value placed there could be a full URL (did, https, …)
> pointing to a key on the web, or it could be a key stored on
> the client with a relative URL path. This would allow the server
> for that connection make a simple HTTP GET request on that
> relative URL to the client.  (These relative urls function here
> as indexicals as ”you” and ”I” in a conversation between two
> people).
>
> Going further the client might want to add a ”Credential: …” header
> with as value a URL. This could be a full URL pointing to a credential
> on the Web, or perhaps a relative URL to be resolved by the server
> by asking the client.
>
> The value is that in both cases if the server has cached the key
> or credential it would not need to be fetch it again. Another one
> is that key material and credentials would not need to be fetched
> on the web - reducing dependency on other services, requiring credentials
> to be published, …
>
> One would need to make a distinction between relative URLs
> to be resolved on $you the server or $me the client.
>
> There may be many other use cases for allowing the server
> to make requests to the client on the same connection.
>
> Thanks in advance,
>
>
> [1] https://tools.ietf.org/html/draft-ietf-httpbis-message-signatures-01
>
> Henry Story
>
> https://co-operating.systems
> WhatsApp, Signal, Tel: +33 6 38 32 69 84‬
> Twitter: @bblfish
>

v2.23.0 | Report a Bug | By Email